Black hole found in the internet

Security experts have found a big black hole in the Internet which is now being used by someone to suck up personal data like a giant Dyson.

According to Wired, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system in 2008. It was a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data.

It could be carried out in a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it.

At the time they got a round of applause but nothing really came of it. Now it appears that someone is using their technique to hijack internet traffic headed to government agencies, corporate offices and other recipients in the US and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations.

Analysts at Renesys, a network monitoring firm, said that over several months earlier this year someone diverted the traffic using the same vulnerability in the so-called Border Gateway Protocol, or BGP.

The method was used nearly 38 times, grabbing traffic from about 1,500 individual IP blocks.

Renesys senior analyst Doug Madory says initially he thought the motive was financial. But then the hijackers began diverting traffic intended for the foreign ministries of several countries.

Madory cautions that he does not know who is behind the hijacks but the characteristics of the hijacks indicate they were intentional.

BGP hijacking happens in some form or fashion every day, but it is usually unintentional and the result of a typo in a routing announcement. When it happens, it creates an outage because the traffic never reaches its destination.

In April 2010, China Telecom made an announcement for more than 50,000 blocks of IP addresses, and within minutes some of the traffic destined for these domains got sucked into China Telecom’s network for 20 minutes. At the time, it was considered a Chinese hack, but Renesys thinks that the China crisis was a terrible mistake rather than deliberate.